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In the Claims: 

1. (Currently Amended) A system for network content monitoring, 
comprising: 

a transport data monitor, connectable to a point in a network, for 
monitoring data being transported past said point, 

a description extractor, associated with said transport data monitor, for 
extracting descriptions of said data being transported, 

a database of at least one preobtained description of known content whose 
movements it is desired to monitor, c^irl content being intpfnally penerated in tfae 
network in advance of said extracting, said preobtained description being obtained in 
advance of said extracting descrijrtions, and 

a comparator, configured to determine whether said extracted description 
corresponds to any of said at least one preobtained descriptions, and to decide whether 
said data being transported, cpmprisess any of said content whose movements it is 
desired to monitor a9Cording to sfaid detenninirig. 

2. .(Original) A system,.according .tp .claim 1, wherein said description 
extractor .is opMable to extra^r a identifiably descriptive of said data being 
transported. / . • 

3. (Original) A system, according to claim 1, wherein said description 
extractor is operable to extract a signature of said data being transported. 

4. (Original) A system . according to claim 1, wherein said description 
extractor is operable to e:^t characteristics of said data being lianspoited. 

5. (Original) A system accordmg to claim 1, wherein said description 
extractor is operable to extract encapsulated meta information of said data being 
transported. ^ .. . 



6. (Original) A system according to claim 1, wherein said description 
extractorjs.operaWe.to extract multi-level descriptions of said data being transported. 
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7. (Original) A system accorditig to claim 6, wherein said multi-level 
description comprises of a pattern idcntifiably descriptive of said data being 
transported. 

8. (Original) A system Riding to claim 6, wherein said multi-level 
description comprises a signature of said data being transported. 

9. (Origiiial) A system according to claim 6. wherein said multi-level 
description comprises characteristics of said data being. transported. 

10. (Origfaial) A system according to claim 6, wherein said multi-level 
description comprises encapail?ited meta^informatiqn of said data being transported. 

11. (Original) A system according to claim 1, wherein said description 
extractor is a si^ture extractor, for extracting a derivation of said data, said 
derivation being a' signature indicative of content'of said data bdng transported, and 
wherein said at least one preobtidned description is a preobtained signature. 

12. (Previously Presented) A systei^ according to claim 1, said network 
being a packet-switched network and said data being transported comprising passing 
packets. ... ... -. t-, ^ : ■ . 

13. (Previously Presented) A system according to claim 1, said network 
being a packet-switched network, said dat^ being transported comprising passing 
packets and said transport data monitor being operable to monitor header content of 



14. (Previously Presented) A system according to claim 1, said network 
being a packet-switched networi^ said data being transported comprising passing 
packets, and said transport- data extractor being operable to monitor header content 
and data content of said passing packets. . . 
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15. (Original) A system according to claim 1, wherein said transport data 
monitor is a software agent, operable to place itself on a predetermined node of said 
netwoilc 

16. (Original) A system according to claim 1, comprising a plurality of 
transport data monitors distributed over a pluraUty of points on said network. 

17. (Original) A system^ according to claim 1, said transport data monitor 
further comprising a multimedia filter for determining whether passing content 
comprises multimedia data and restricting said signaftore extraction to said multimedia 
data. 

18. (Original) A system.,according.tp claim 1, said data being transported 
comprising a plurality of . protocol layers, Ae system fiirther comprising a layer 
analyzer connected between said transport data monitor and said signature extractor, 
said layer analyzer comprising analyzer modules fpi at least two of said layers. 

19. (Original) A system according to claim 18, said layer analyzer 
comprising sq)arate analyzer modules for respective layers. 

20. (Original) A system according to claim 18, further comprising atrafiBc 
associator, connected to said analyze modules, for using output from said analyzer 
modules to associate transpprt.data fipm diffejerit sources as a single communication. 

,2.1. (Original) A system.according to claim 20, wherein said sources are at 
least one of a |pup . c^niprising:, data ^packets, communication channels, data 
monitors, and pre correlated data. 

22. (Original) A system according to claim 18, comprising a traffic state 
associator connected to receive output firom said layer analyzer modules, and to 
associate together output, of different layer analyzer modules, which belongs to a 
single communication. . 
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23. (Original) A system accoiding to claim 18, wherein at least one of said 
analyzer modules comprises a mtdtimedia filter for detennining whether passing 
content comprises multimedia data and restricting said signature extraction to said 
multimedia data. 

24. (Original) A system according to claim 1 8, wherein at least one of said 
analyzer modules comprises a compression detector for detemrining whether said 
extracted transport data is compressed.. ,^ 



25. (Original). A system according to claim 24, further comprising a 
decompressor, associated wiih said compression detector, for decompressing said data 
if it is determined that said data is compressed. 

26. (Ori^nal)" A system,.accordiT^^ claim 24, fiirther comprising a 
description extractor for extracting ?^;description direcUy ftom said compressed data. 

27. (Original) A syston according to claim 1 8, wherein at least one of said 
analyzer modules pompris^ an >nc?yption detect^ for determining whether said 
transport data is raicrypted.; , 

28. (Original) A system accoiding to claim 27, wherein said encryption 
detector comprise?, an entropy niMsuremerrt unU.for measuring entropy of said 
monitored transport data. 

29. (Original). A s:fstero ..according to claim 28, wherein said encryption 
detector is set to recbgnize a high entropy as an indication tiiat encrypted data is 



30. (Original) A system according to claim 29, wherein said 
encryption detector is set to^use a height of said measured entropy as a confidence 
level of said encrypted data indication. 



31. (Original) A system according, to claim 18, fiirther comprising a 
format detector for deterinining a format of said monitored transport data. 
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32. (Original) A system according to claim 3 1 , further comprising a media 
player, associated vaih said format detector, for rendering and playing said monitoied 
transport data as media according to said detected format, thereby to place said 
monitored transport data in condition for extraction of a signature which is 
independent of a transportation fonnat. 

33. (Original) A system according to claim 31, further comprising a 
parser, associated with said format detector, fo5 parsing said monitored transport 
media, thereby to place said monitored transport data in condition for extraction of a 
signamre wWchis independent of a ttansportation format. 

34. (Original) A Systran' according to claim 1, comprising a payload 
extractor located between said transport monitor and said signature extractor for 
extracting content carrymg,data for signature ejctraction. 

35. (driginal) A system, according to claun 1, wherein said signature 
extractor.compris6S a binary fiinctipp for applying to :said monitored transport data. 

36. (Original) A system according tojclaim 1, wherein said networic is a 
packet network, and wherein a buffer is associated with said signature extractor to 
enable said signature ej^tor to.extract a signature from a buffered batch of packets. 

37. (Original) A system accor^g to claim 35, wherein said binary 
ftinction comprises at least .one iMslifimctbn.: /. 

38. (Original) A. system accor^ng to claim 37. wherein said binary 
fimction comprises a first. fast.>ash fimction to^identify an offset in said monitored 
transport data and. a second, ^M. hash function for application to said monitored 
transport data using said offset 

39. (Original) A system according to claim 11. wherein said signature 
extractor comprises an audio signature extractor for extracting a signature from an 
audio part of said monitored data being transported. 
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40. (Original) A system according to claim 11, wherein said signature 
extiactor comprises a video signature extractor for extiacting a signature from a video 
part of said monitored data being transported. 

41. (Original), A system according to claim 11, said signature extractor 
comprising a pre-processor for pre-processing said monitored data being transported 
to improve signature extraction. 

42. (Original) A system according to claipi 41, said preprocessor operable 
to carry out at least one of a ^up of pie-processing operations comprising: removing 
emmeous data, removing redundancy, and canonizing properties of said monitored 
data being transported. , , 

43. (Original) A system according to claim 11, wherem said signal 
extractor comprises a binary signal extractor for initial signature extraction and an 
audio signature extractor .fot' ext^ng an ai^lio. signature in the event said initial 
signature extractioii fail's to yield .Mi identification, 

44 (Original) A system according to claim 11, wherein said signal 
extractor comprises a binary signal extractor for initial signature extraction and a text 
signature extractor for extracting a text signature in the event said initial signature 
extraction fails to yield.an ideirtifiMttion. 

45. (Original) A sy^tan according to claim U, wherein said signal 
extractor comprises a bibary ^gnal extractor for iiiitial signature extraction and a code 
signature e«tractor for. extracting- a code signature in the event said initial signature 
extraction fidls to.yield, an identification. 

; ••' >•'.-• 

46. (Original)A Systran according to claim 11, wherein said signal 

extractor comprises a binary signal extractor for initial signatiire extraction and a data 
content signature extractor for extracting a data content signature in tiie event said 
initial signature extraction fails to yield an identification. 
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47. (Original) A system according to claim 11, wherein said signature 
extractor is operable to use a plurality of signature extraction approaches. 

48. (Origioal) A system according to claim 47, further comprising a 
combiner for producing a combin^on of extracted signatures of each of said 
approaches. 

49. (Original) A system according to claim 47. wherein said comparator is 
operable to compare using signatures; of each of said approaches and to use as a 
comparison ou^ut a highest result of each of said approaches. 

50. (Original) A system, according tp claim 11. wherein said signal 
extractor compri^s a binary signal ixdractor for initial signature extraction and a 
video signature extractor for extracting a video signature in the event said initial 
signature extraction Ms to yield an identificatipn. 

51. (Original) A sjjstem according to claim 1 1, wherein there is a plurality 
of preobtained signatures and wherein said comparator is operable to compare said 
extracted signature with each one of said prepbtained signatures, thereby to determme 
whether said monitored transport data belongs ^ a content source which is the same 
as any of said signatures. , .v 

52 (Original) A system according to claim 51, said comparator being 
operable to obtain a cumulalsa W|er of matpies^pf said extracted signature. 

53. (Origiiwl) A.system according.to^laim 51, wherein said comparator is 
operable to calculate a likelihopd. of compatibility, with (?ach of said preobtained 
signatures and to output a highest one of said probabilities to an unauthorized content 
presence determinator connected subsequently to said comparator. 

.54. (Original) A system according to claim 52, said comparator being 
ppeiable to calculate a likelihood of compatibiUty with each of said preobtained 
signatares and to output an accumulated total^ of matches which exceed a threshold 
probability levd. . • • 
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55. (Original) A system accoiding to claim 52, said comparator being 
operable to calculate Hic likelihood of compatibiUty with each of said preobtained 
signatures and to output an accumulated likelihood of matches which exceed a 
threshold probability level. '•; ■ 

56. (Original) A system according to claim 51, comprising a sequential 
decision unit associated with said comparator, being operable to use a sequential 
decision test to update alikelihood of the presence of .given content, based on at least 
one of the foUo^^ring: successive, matches made by said comparator, context related 
parameters, other content related parameters and outside parameters. 

57. (Original) A Systran' according to claim 53, wherein said unauthorized 
content presence determinator^ is operable to use the output of said comparator to 
delmnme whether unauthorized "content is ivesent in said transport and to output a 
positive decision of said,presence to .^subsequently . connected poUcy determinator. 

58. (Original) A Systran according tb claim 51, wherein an unauthorized 
content presence detemiinator S connected subsequently to said comparator and is 
operable to use an output of s«d comparator to determine whether unauthorized 
content is present-in s^d data being transported, a positive decision of said presence 
being output to a subsequently, cramected policy, determinator. 

59. (Original) A system according to claim 58, wherein said policy 
determinator comprises- a rul^-based decision making unit for producing an 
enforcement fj^ca^hvedMj^ of at least said unauthorized content presence 
. determinator.. . . - . i , >f- ',, 

60. (Original) A system according, to claim 1, v*erem said policy 
determinator is operable to use said rule-based decision making unit to select between 
a set of outputs including, at least some oft^taking no action, performing .auditmg. 
outputting a transcript of said contqit, reducing bandwidth assigned to said transport, 
using an.active bitstreaniinterferaice technique, stopping said transport, preventing 
printing, preventing photocopying, reducing quality of the content, removing sensitive 
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parts, altering the content, adding .a message to the said content, and preventing of 
saving on a portable medium, 

61. (Original) A system according to claim 60, wherein said rule-based 
decision making nnit is operable use a likehhood level of a signature identification 
as an input in ordor to make said selection. 

62. (Original) A system according to claim 61, fiirther comprising a 
bandwidth management unit comiected to said policy determinator for managing 
network bandwidlh assigmnent in accordance wiUi output decisions of said policy 
detemunator. 

63. (Original) A system according to claim 1, fiuther comprising an audit 
unit for preparing and storing audit reports of transportation of data identified as 
conespondiiig to cbh^t it is desired to monitor. ^ 

64. (Original) A system according to claini 1, comprising a transcript 
output unit for producing traliSOTpts of content identified by said comparison 

65. (Original). A system- according to claim 27, fiirther comprising a policy 
determinate connected to receive :outeomes>pf said encryption determinator and to 
apply rule-based decision making to select between a set of outputs including at least 
some of: taking no acUon. performing auditing, outputting a transcript of said content, 
reducing bandwidth assigned' to said transport, using an active bitstream interference 
technique, and stopping said tfaiisport. 

66. (Original) A^sys^m according to claim 65, wherein said rule-based 
"decision-inaking cbriiprises rul^ based on wiifidence levels of said outcomes. 



12. Feb. 2007 14:29 ■ G.1: EHRLICH' (.1995) LTD. ' No. 2902 P, 18 

11 



67. (Original) A system according . to claim 65, wherein said policy 
detetminator is operable to use an inpiit of an amount of encrypted transport from a 
given user as a factor in said rule based decision making. 

68. (Oiiiwl) A system according to claim 30, further comprising a policy 
determinator connected to receive positive outcomes of said encryptjon determinator 
and to apply rule-based decision making to select between a set of outputs including 
at least some of: taking no actibii,pcrforming 'auditing, oulputting a ttanscript of said 
content, reducing ba^dWidth'a^sigffed to said «port. using an active bitstream 
interference technique, ani stoppiiig^said transport; said policy determinator operable 
to use: 

.an input of an,amoimt pf.encrypte;! transport from a given user, and 
said confidOTc^' leVei; as fectors in Said role based decUion making. 



69. (CuAently Amended) A systeni- yfor network content control, 

con^sing: • ''.. i v ^r . 

a trai^rt data monitor, connectable to a point in a network, for 

monitoring data bdn^ transported past said point, 

a sigiiire eitracti, associated wiA said transport data monitor, for 
extracting a derivation of payload of said ino^itoied data, said derivation being 
indicative of content of said data, 

a database of preobtJwned signatures of iaiown content whose movements 
it is desired to monitor, r/^ntant bein r intPmallv generated in the network jn 
.Hv,nr.. of said extracting, said prepbtained signatures being obtained in advance of 
said extracting asaid d^iyationofpdpayload,. 

a ^ini)arator. for:.co?^ 
signatures, and to determine whedier said moiiitored data comprises any of said 
contMit whose movements it is desired to control, 

a dedsion-maiting unit for producing, an enforcement decision, using the 

output of said comparator, and . . 
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a bandwidth management unit connected to said decision-making unit for 
managing network bandwidth assipiment in accordance with output decisions of said 
policy determinator, thereby to contiol content distribution over said network. 

70. (Ori^y. A systdn according to claim 69, wherein said decision- 
making unit is a rule-based decision-making unit 

71. (Ori^nal) A: systpin according M-claim 70, wherein said liansport data 
monitor is a software agent, operable, to place,its^ on a predetermined node of said 
network. 

72. (Original) A system Wding to clahri 70, comprising a jplurality of 
transport data moniti)rs aistiibufed:over a plurality of points on said netwoik. 

73! (Oriinal) A s^stem a<»o^^ claim 70, said transport data monitor 
further comprisii^'a''mitiin^iter fo^d^v^ ^vhether passing content 
comprises multimedia data and restricting said signature extraction to said multimedia 
data. 

.. 74. (CWginal) A: sjrstem according to claim 70, said transport data 
comprising a Jdurality of p«>tocol layers, the system further comprising a layer 
analyzer comiect«i between .s^^ trah^ data monitor and said signature extractor, 
said layer analyzer Umpri^J^^i^ modules for at least two of said Uyers. 

75. (Original) A system according to claim 74, comprising a traffic state 
associator coraiected to receive output ftoin said layer analyzer modules, and to 
associate together ou^ut qf ^^ffcrent layer analyzer modules which belongs to a 
single conmiunic,ation. 

76., (Origiiial) A .system according to claim 74, one of said analyzer 
modules comprising a multimedia fUter for detemiining whether passing content 
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composes 
data. 



multimedia data and tesliicting said data extraction to said multimedia 



77. (Origiiial) A system according to claim 74, one of said analyzer 
modules comprising.a compression. detector for determining whether said monitored 
transport data is compressed. 

78. (Original), A systern according to claim 77, fiatfjer comprising a 
decompressor, associated with said compression detector, for decompressing said data 
if it is detennined that said data is compressed. 

79. (Origin^). A„ system according to claim 74, one of said analyzer 
modules comprising' an encryption detector for determining whether said monitored 
transport data is encrypted. 

80. (Original).A system according to claim 79, wherein said encryption 
detector comprises an entippy measurement unit for measuring entropy of said 
monitored transport data. 

8i: (Origin^) A system according to claim 80, said encryption detector 
being set to recognize a high entropy as an indication that encrypted data is present 

82. (OrigiiMl) A.systein according to ^laim 81, said encryption detector 
being set to use a\ei^_ of, ^d measured! entropy as a confidence level of said 
encrypted data indication. 

,83.. (Original). A: syst^n according: to clann 74, fiirtha: wmprising a 
format detector for determining a foimat of said mpnitored transport data. 

84. (Original) A system, according to. claim 83, further comprising a media 
player, associated with said. format detector, for, rendering and playing said monitored 
transport data .as media according to said detected format, thereby to place said 
exiiacted transport data in condition for extraction of a signature which is independent 

ofattanspoitMipnfo"!?!^- ' ■ >■• ■ 
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85. (Original) A system according to claim 83, farther comprising a 
parser, associated with said format detector, for parsing said monitored transport 
media, thereby to place said extracted transport data in condition for extraction of a 
signature which is independent of a transportation fotinat 

86. (Original) A system according to claim 70, wherein said signature 
extractor comprises a binary function for applying to said extracted transport data. 

87. (Original) A system- according to claim 86, wherein said binary 
fimction comprises at least one fcasb fimcti^^ 

88. (Original) A system according to claim 87, wherein said binary 
function comprises a.fiKt,.fest,.lwsh.fimction to identify an offset in said extracted 
transport data, and a , second;, hash fimcdon for application to said extracted 
transport data u»ng said ofEset. 

89. (Original) A ^stem. according to claim 70, wherein said signature 
extractor comprises ari' audio si^atuie extractor for extracting a signature fiom an 
audio part of said extraci«l traii^ji)ort data. ^ 

90. (Original). A i^'steni accordinjg tp claim 70, wherein said signature 
extractor compri^S a vid«> si^ature extractor for extracting a signature from a video 
part of swd extracted transport data. 

.91, (Origini),A sysste^h a^ claim 70, wherein said comparator is 
operable to compare; said exli^ signature with each one of said preobtained 
signanires, thereby to determine whether said monitored Hansport data belongs to a 
content source which is the sanoic as. any of said agnatures. 

92. (Original) A system according to claim 91, wherein said comparator is 
operable to calculate a likelihood of compatibility with each of said preobtained 
signatures and to o^itput.a . highest one of said probabiUties to.an unauthorized content 
presence determinator cprniec^ subsequentiy to said comparator. 
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93. (Original) A system according to claim 92, wherein said unauthorized 
content presence determinatot is operable to use the output of said comparator to 
determine whether unauthorized content is present in said ttansport and to output a 
positive decision of said presence to asubsequentty connected poUcy determinator. 

94. (Original) A system according to claim 91, wherein an unauthorized 
content presence determinator is connected subsequently to said comparator and is 
operable to.use an output of , said, cpmparatpr to detennine whether unauthorized 
content is present in ?aidtraiis^^ a positive decision of said presence being output to 
a subsequently.cpnnected policy 4e|;^nator. 

95. (Original) A system according to claim 94, wherein said policy 
determinator comprises^ said nd^-tased decisiwt.. making unit for producing an 
enforcement deci8ifltt-b^,W.<^ of at least said unau&orized content presence 
determinator. , , ; . . • . . 

,96. .(OriginM) A .system according to cto 
detenninator is op^able to use said rule-based decision making unit to select between 
a set of outputs including at least some of: taking no action, performing auditing, 
oulputting a transcript of said co|it«at. reducing bandwidth assigned to said transport, 
using an active bit9^ieam uita^ technique* stopping said transport, not allowing 
printing of said content, not allov^ing photocopying of said content and not allow 
saving of said content on portable media. 



3" 



97. (Original) A sjr^tem' according to claim 96, said rule-based decision 
making unit is operable to use a likelihood of a signature identification as an input in 
order to make said seiection. 

98. (Original) A systm according to claim 70. fiirther comprising an audit 
unit for preparing and storing a«lit leporis of transportation of data identified as 
corresponding to contait it is desired to mcmitor. 
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99. (Original) A system according to claim 79, further comprising a policy 
detemiinalor connected to receive positive outcomes of said encryption determinator 
and to apply rule-based decision of said rule-based decision making unit to select 
between a set of outputs including at least some of: taking no action, performing 
auditing, outputting a transcript of said content, reducing bandwidth assigned to said 
ttansport. using an active bitstream interference technique, stopping said transport, 
reducing quality of the content, removing sensitive parts, altering the content, adding 
a message to said content, . nqt djpwing pimting of said content, not allowing 
photocopying of smd coirtent a^d ^ot ilw sayijig of said content on portable media. 

lOO: (biigirial) A system'^ according to claim 99, said policy determinator 
being operable to use arfinput" olf aii inount of ehc^ transport firom a given user 
as a factor in said r^e" based decision' making. 



101. (Original); A system according to claun 82, fiirther comprising a 
poUcy determinator connected' to receive positive outcomes of said encryption 
determinator and to apply nile^based decision makmg of said rule-based decision- 
making unit to selert betw^^ a Vat pf oulpvtfte including at least some of: taking no 
a<^on. perfomiiiig abditi^. 0^ a^tr^script of said content, reducing 
bandwidth assigned to^aidti^pbrt; using an active bitstream interference technique, 
stopping said transport, reducing quality of tiie content, removing sensitive parts, 
altering the cpntent, adding a mes^ge to said .content, not allowing printing of said 
content, not allowing photocopying of said content, and not allowing saving of said 
content oaportable^media. ;, : ■ -v 

' " 'ibl (6rigimdyAsysiOTi according to ck^ 
being operable to use: 7 

an input of an amount of encrypted transport from a given user, and 

said confidencerleyel, ^ - 

* ''' as factors in said rule based decision making. 
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103. (Original) A system according to claim 69, coiiq)rised wiihin a 

firewall. 

104. (Original) A system accordiijg to claim 103. said transport data 
monitor being operable to in^ incoming and outgping data transport crossing said 
firewall. 

105. (Original) A system according to claim 69, operable to define a 
restricted network zone williin said network by inspecting data transport outgoing 

from said zone. 

106. (Original) A system according to claim 69, comprising certification 
recognition functionality to recoghize data sources as being trustworthy and to allow 
data transport originatir^ from said trustworthy data sources to pass through without 
monitoring. - • • 

• .1' . 

107. (Original) A system according to claim 69, comprising certification 
recognition functionality to refeognize data sources as being trustworthy and to aUow 
data transport originating from said tmstwofthy data sources to pass through with 
monitoring modified on tiie 'b^is of said data source recognition. 

108. (Original) A system according to daun 69, comprising certification 
recognition fimctionality to recognize data sources as being trustworthy and to allow 
data transport originating' fiani' s^d trustworthy datii sxmxs to pass through with said 
decision making b^ihg modified on die basis of s^d data source recognition. 

109. (Cunentiy Amended) A method of monitoring for distribution of 
known sensitive content over a network, ti» metiiod comprising: 
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obtaining extracts of data ftom at least one monitoring point on said 

networic, 

obtaining a signature indicative of content of said extracted data, 

comparing said signature wiih at least one of a set of signatures indicative 
of the sensitive content^ ff^H yM,«itive content hrin^ im.mallY generated injhg 

advance nhtaining exiiacts, said set of signatures being stored in 
advance of said obtaining extracts of data, 

determining if said extracHed data cOiiirmses any of said sensitive content 

according to said comparing, and 

using an ou^ut of. said .determining: as aii indication of the presence or 

absence of the sensitive content. _ , 

•' ••■ •'• , ■• .. - "-■ - 

" llO". (Curiindy Amekded) A method of conttolling the distribution of 
known sensitive content over a network, the method comprising: 

obtaining extracts of data from at least one monitoring point on said 

network, r'.W«f.. • 

obtaining a signature indicative of content of said extracted data, 

comparing said signature with at least one of a set of signatoires indicative 
of the .^.^^^^^c^ihe s^^ content, said set being stored in advance of 
iuiJ (ilil linliiE nrtmrt-.fTf ilitT i -'-^ o«ic;t;v.. .ont^it being internally generated in the 
t^e ^k in advance of said o htainia^ extracts. 

determiiung if said exttarted dati'coffiprises any of said sensitive content 

according to said comparing^ . ; . ■■ .v 

'{.kini aii ou^ut of s^l determiiiing iii selecting an enforcement decision, 
and ■ >• ' ■' ' " ., ■■■ ■ 

■ ^ing- SMd' enfoTCOTient decision in bandwidth management of said 

network. 

111. (Original), A method according to claim 110. wherein enforcement 
dedsions for selectioii.include at least some of taking no action, performing auditing. 
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autputting a transcript of said content, reducing bandwidth assigned to said transport, 
stopping said transport, reducing quality of the content, removing sensitive parts, 
altering the content, adding a message to said content, using an active bitstream 
interference technique, restricting bandwidlJi to a predetermined degree, not allowing 
printing of said content, not aUovdng. photocopying of said content and not allowing 
saving of said content on portable media. 

112. (Original) A method according to claim 111, wherein said 
predetermined degfee is 'seleOable" from i r^e extendmg between minimal 
restriction and zero bandwidth. '■''^ " 

113. (Previously Fresent?d)^^A system according to claim 1, wherein said 
transport data monitor coininises functionaUty to remove steganograms, said 
steganograms for removal being steganograms comprising information hidden within 
said data being monitored by said tniiisport data ihbnitor. 



114. (Previously Presented) A system according to claim 113, wherein said 
fijnctionality to remove ^stesganograms is independent of at. least one of a group 
comprising: 

a content of said stegariog^fuii'hidden within said dato being monitored, 
a content of said iiifbrmation hidden within said data being monitored, and 
of amefliod of hiding of said stcganogram within said data being monitored. 

115. (Previously Presrated)^ A* sy^ aaSordiig to claim 69, wherein said 
functionality to remove steganograms comprises at least one of the following: 
adding noise io* said' data being monitored by said transport data monitor; 
distorting'said data being monitored by said transport data monitor; and 
embedding at least one steganogram within said data being monitored by said 
transport data monitor . 
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116. (Previously Presented) A system according to claim 69, wherein said 
transport data monitor comprises functionality to remove steganograras, said 
steganogiams for removal being steganograms comprising information hidden within 
said data being monitored by said'transport data monitor. 

117. (Piwiously Piesaited). A system according to claim 116, wherein said 
functionality to remove steganograms is independent of at least one of a group 
compriang: 

a content of said steganogram hidden v^diin said data being monitored, 
a content of said infdrnfeti^ii hidden within said data being monitored, and 
of a method of hiding of said steganogram within said data being monitored. 



118. (Previously Presented) A system 'according to claim 116, wherein said 
functionality to remove steganograms comprises at least one of the following: 

adding noise^o said da^^ hping monitpred Jby.said transport data monitor; 

distorting said data being monitored by swd transport data monitor; and 

embedding at least one steganogram witibiri said data being monitored by said 
transport data monitor; '.. .J ' : , • 



119. (Previously Presorted) A method according to ciaun 109, further 
comprising removing steganograms firom said extrarted data, said steganograms being 
hidden within said;#ta.•:..^Vi^->^•'^ .•.«-•>!" 

120. (Previously Presented) A method according to claim 1 19, wherein said 
removing stegano^ms is indepeiident of at least one of a group comprising: 

a content of said steganogram hidden within said data, 

a content of said ihformalibn hidden Widuh'said data, and 

of a method .of hiding 9f said steganogram within said data. 

121. (Previousiy^entea) A method according io claim 119, wherein said 
removing steganograiM comprises at least one of the foUowing: 
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adding noise to said data; 
distorting said data; and 

embedding at least one further steganogram within said data. 

122. (Previously Presented) A method according to claim 110, finther 
comprising removing steganograms from said extracted data, said steganograms being 
hidden within said data. 

123. (Previously Presented) A method according to claim 122, wherein said 
removing steganograms is independent of at least one of a group comprising: 

a contrait of said steganogram hidden within said data, 

a contentof said inforinatibn hiddem within-said data, and 

of amethod of hiding of said steganogram within said data. 

124. (Previousiy Presented) A method according to claim 122, wherein said 
removing steganograms comprises at least one of tije following: 

adding noise to said data;. . . ] . ■■ 
distorting said data; and 
embedding at least one furthbrste^bgram wi&in said data. 



125. (New) A system for.network.cont«it monitoring, comprising: 

a traMport" d^to^inonito^^ comj^le, to a point in a network, for 
monitoring data being transported past said point, 

a description extractiir, associated with said transport data monitor, for 
extracting descriptions pfsaid data being transported, 

a database of at least pne pieobtained description of known prepossessed 
content whose movements it is desired to monitor, said preobtained description being 
obtained in advance of said extracting descriptions, and 

a comparator, .confi,^ured to det^imine whether said extracted description 
corresponds to any of said at least one preobtained descriptions, and to decide whether 
said data being transported comprises any of .said prepossessed content whose 
movanents it is desired to monitor according to said detennining. 
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126. (New) A system for network cdntett monitoring, conqmsing: 

a transport data monitor, connectable to a point in a network, for 
monitoring data being transported past said point* 

a description extractor, associated with said transport data monitor, for 
exttacting descriptions of said data being transported, 

a database of at least one ineobtained description of known content whose 
movements it is desired to monitor, said content never sent out of Ae network, said 
content being internally generated.in the network in advance of said extracting, said 
pteobtained description being obtained in advance , of said and 

a comparator, configured to determine whether said extracted description 
corresponds to .any of said at le^ one preobtained descriptions, and to decide whether 
said data being, tranq)ort^comp?;^e!S any of ..said content whose movements it is 
desired to monitor according to. ^d determining. . 



